Apparatus, Method and Computer Program Product for Authenticating Communication Terminal

1. An authentication apparatus connectable to at least one communication terminal via a first network, connected via a second network to at least one server that provides a function to the communication terminal based on setting data received from the communication terminal, and connected via the second network to a plurality of repeaters that relay the first network and the second network, the authentication apparatus authenticating the communication terminal as a pre-processing of the function provided by the server, the authentication apparatus comprising: a first storage unit configured to store a plurality of pieces of repeater information, each piece of the repeater information containing a repeater ID and processing capability information of one of the plurality of repeaters connected via the second network; a first receiving unit configured to receive a first message for requesting to start an authentication from the communication terminal connected via the first network; an acquiring unit configured to acquire the plurality of pieces of repeater information from the first storage unit when the first receiving unit receives the first message; a processing unit configured to create a second message containing the acquired plurality of pieces of repeater information; a first transmitting unit configured to transmit the second message to the communication terminal; a second receiving unit configured to receive a third message from the communication terminal, the third message containing a first repeater ID selected by the communication terminal out of the plurality of repeater IDs contained in the second message by referring to the plurality of pieces of processing capability information contained in the second message; a third receiving unit configured to receive authentication data for authenticating from the communication terminal; an authentication unit configured to authenticate the communication terminal based on the authentication data; and a second transmitting unit configured to transmit setting data required for providing the function when the authentication unit decides that the communication terminal is authentic, to one of a first repeater corresponding to the first repeater ID contained in the third message and a server to which the first repeater relays a communication.

2. The apparatus according to claim 1 , wherein the server includes an address management server that manages an address of the communication terminal, the second receiving unit is configured to receive the third message containing the first repeater ID and the address of the communication terminal to be registered to the address management server, and the second transmitting unit is configured to transmit the address contained in the third message to the address management server as the setting data.

3. The apparatus according to claim 1 , wherein the server includes an event server that provides an event service to the communication terminal, the second receiving unit is configured to receive the third message containing the first repeater ID and a function ID that identifies the function to be provided by the event server, and the second transmitting unit is configured to transmit a fourth message containing a request to utilize the function corresponding to the function ID contained in the third message to the event server as the setting data.

4. The apparatus according to claim 1 , wherein the authentication unit is configured to create a key data that is used for a communication between the first repeater and the communication terminal, and the second transmitting unit is configured to transmit the key data to the first repeater corresponding to the first repeater ID contained in the third message as the setting data, when the authentication unit decides that the communication terminal is authentic.

5. The apparatus according to claim 1 , further comprising: a second storage unit configured to store a terminal ID for identifying the communication terminal and the first repeater ID, wherein the acquiring unit is configured to acquire from the second storage unit the repeater ID corresponding to the terminal ID of the communication terminal that receives the first message, and acquires repeater information corresponding to the acquired repeater ID from the first storage unit.

6. The apparatus according to claim 1 , further comprising: a third storage unit configured to store the repeater ID of the repeater and load data concerning processing load of the repeater, wherein the acquiring unit is configured to acquire the load data from the third storage unit, to acquire a repeater ID of a repeater that has a smallest processing load based on the acquired load data, and to acquire repeater information corresponding to the acquired repeater ID from the first storage unit.

7. The apparatus according to claim 6 , wherein the third storage unit is configured to store the repeater ID and the load data as a number of communication terminals to which the repeater relays a communication, and the acquiring unit is configured to acquire a repeater ID of a repeater that has a smallest number of communication terminals connected thereto as the repeater ID from the third storage unit, and to acquire the repeater information corresponding to the acquired repeater ID from the first storage unit.

8. The apparatus according to claim 1 , wherein the first transmitting unit is configured to transmit the second message containing the plurality of pieces of repeater information to the communication terminal as a response message to the first message.

9. The apparatus according to claim 8 , wherein the second receiving unit is configured to receive the third message containing the first repeater ID from the communication terminal as a response message to the second message.

10. The apparatus according to claim 1 , wherein the first receiving unit is configured to receive as the first message from the communication terminal a protocol for carrying authentication for network access (PANA)-authentication agent (PAA)-Discover message based on the PANA, the first transmitting unit is configured to transmit as the second message to the communication terminal a PANA-Start-Request message based on the PANA, and the second receiving unit is configured to receive as the third message from the communication terminal a PANA-Start-Answer message based on the PANA.

11. The apparatus according to claim 1 , wherein the first storage unit is configured to store the plurality of pieces of repeater information, each piece of the repeater information containing the repeater ID of the repeater, wherein the repeater is a proxy server based on a session initiation protocol (SIP) and the processing capability information of one of the plurality of repeaters, and the second transmitting unit is configured to transmit the setting data to the server to which a proxy server corresponding to the first repeater ID contained in the third message relays a communication.

12. The apparatus according to claim 11 , wherein the second receiving unit is configured to receive the third message containing the first repeater ID and the address of the communication terminal to be registered to a location server based on the SIP, and the second transmitting unit is configured to transmit the address contained in the third message to the location server as the setting data.

13. The apparatus according to claim 12 , wherein the second transmitting unit is configured to transmit the address contained in the third message to the location server by transmitting a register message based on the SIP to the location server.

14. The apparatus according to claim 11 , wherein the second receiving unit is configured to receive the third message containing the first repeater ID and the function ID of the server that is an event server providing the function available based on the SIP, and the second transmitting unit is configured to transmit the function ID contained in the third message to the event server as the setting data.

15. The apparatus according to claim 14 , wherein the second transmitting unit is configured to transmit a subscribe message based on the SIP for requesting to utilize the function corresponding to the function ID contained in the third message to the event server.

16. The apparatus according to claim 11 , wherein the authentication unit is configured to create key data for a transport layer security (TLS) used for a communication between the repeater and the communication terminal, and the second transmitting unit is configured to transmit the key data to the first server when the authentication unit decides that the communication terminal is authentic.

17. An authentication method in an authentication apparatus connectable to at least one communication terminal via a first network, connected via a second network to at least one server that provides a function to the communication terminal based on setting data received from the communication terminal, and connected via the second network to a plurality of repeaters that relay the first network and the second network, the authentication apparatus authenticating the communication terminal as a pre-processing of the function provided by the server, the authentication method comprising: receiving a first message for requesting to start an authentication from the communication terminal connected via the first network; acquiring a plurality of pieces of repeater information from a first storage unit that stores the plurality of pieces of repeater information, each piece of repeater information containing a repeater ID and processing capability information of one of the plurality of repeaters connected via the second network, upon receiving the first message; creating a second message containing the acquired plurality of pieces of repeater information; transmitting the second message to the communication terminal; receiving a third message from the communication terminal, the third message containing a first repeater ID selected by the communication terminal out of the plurality of repeater IDs contained in the second message by referring to the plurality of pieces of processing capability information contained in the second message; receiving authentication data for authenticating from the communication terminal; authenticating the communication terminal based on the authentication data; and transmitting setting data required for providing the function when the authentication unit decides that the communication terminal is authentic, to one of a first repeater corresponding to the first repeater ID contained in the third message and a server to which the first repeater relays a communication.

18. A computer program product having a non-transitory computer readable medium including programmed instructions, wherein the instructions for authenticating a communication terminal as a pre-processing of the function to be provided by a server, when executed by a computer connectable to at least one communication terminal via a first network, connected via a second network to at least one server that provides a function to the communication terminal based on setting data received from the communication terminal, and connected via the second network to a plurality of repeaters that relay the first network and the second network, cause the computer to perform: receiving a first message for requesting to start an authentication from the communication terminal connected via the first network; acquiring a plurality of pieces of repeater information from a first storage unit that stores the plurality of pieces of repeater information, each piece of repeater information containing a repeater ID and processing capability information of one of the plurality of repeaters connected via the second network, upon receiving the first message; creating a second message containing the acquired plurality of pieces of repeater information; transmitting the second message to the communication terminal; receiving a third message from the communication terminal, the third message containing a first repeater ID selected by the communication terminal out of the plurality of repeater IDs contained in the second message by referring to the plurality of pieces of processing capability information contained in the second message; receiving authentication data for authenticating from the communication terminal; authenticating the communication terminal based on the authentication data; and transmitting setting data required for providing the function when the authentication unit decides that the communication terminal is authentic, to one of a first repeater corresponding to the first repeater ID contained in the third message and a server to which the first repeater relays a communication.